biggest online theft what's known to date has been accomplished through a Advanced Persistent Threats (APT) it's theran between October 2015 and June 2016.
A hacker group known as Lazarus, targeted financial institutions around the world, attacking their SWIFT network interconnected backoffice systems through a malware, for sending international payments. The SWIFT network consists of over 11,000 institutions from over 200 countries.
Almost reported one billion dollars in operationswhere over 150 million dollars has not been recovered. It is believed that many transactions were not disclosed or even known.
And why is this important?
Many executives think this is far from their institution, but you need to know the modus operandi of this incident.
Advanced Persistent Threats (APT) this is the name given to the technique used by hackers infiltrate the malware in the institutions and start the theft. The criminals, besides sending the transactions, had access to logs, controls, processes and business logic in the victims' environment.
Usually the APT attacks are developed by governments, terrorists or individuals obsessed with carrying out the attack and the main points in common are:
- Very personal - Attackers carefully select the target based on political, commercial or national security interests.
- Persistent - Of course, due to their motivation, but very different from automated attacks, in this type the hacker always analyzes the result changing a lot of strategy. Including social engineering attacks, utilizing insider attacks, impersonating employees, among others.
- Focus on the control - the focus is to gain control of critical infrastructure, sensitive data, the crown jewels.
- Not automated - Attackers often use some automation, but focused on a single target, rarely use large-scale attacks, or broadcasting.
This is a problem that the CEO himself must recognize as critical and prepare to face it, this is no longer a cybersecurity risk, this is an operational risk!Thus, the CEO's goal should be to make the anti-fraud, risk, compliance and inspectorate areas work together to create a framework unique management and security.
Regulatory pressure from now on will be great, as is the case with the resolution of the Bacen no. 4658/2018 and the recent, in approval, LGPD (our version of GDPR).
And how can I defend myself?
Financial institutions must take integrated control of their processes and technology to prevent and detect anomalies. This should be a work based on a Security Framework personalized for each institution and in a constant cycle of evolution.
An extremely important starting point is to conduct a Health check to know your maturity against a benchmark Market In addition to diagnosis it is also very important to motivate all executives C-level to have the same goal and mission: to transform the institution with resilience.
* Umberto Rosti is CEO of Safeway